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1 

I. I Appealed Claims 1 and 9 

In the Appeal Brief filed March 5, 2007 ("Appeal Brief), Applicant's 
representative argued that the claimed element "accessing a token through a token 
rekder connected to a computer system by a certificate authority," as recited in 
claims 1 and 9, is not taught or suggested by U.S. Patent No. 6,194.131 to Geer, et 
all ("Geer") In view of the U.S. Patent No. 6,615,171 to Kanevsky, et al. 
("kanevsky"). The Examiner responded to Applicant's representative's arguments in 
thje Examiner's Answer dated June 29, 2007 ("Examiner's Answer"), by stating the 
following: 

I Geer et al. teaches that information within a token is accessed via a 
network by a certifying authority in col. 2, lines 27-39 and Figure 1 , 
elements 10, 12 and 18: "a system for implementing a transaction 
in accordance with the present invention includes an authorizing 
computer 1 0, a smart card 1 2 at authorizing computer 1 0 that 
corresponds to a specific user of the authorizing computer 10, an 
authorized computer 14 that is authorized by authorizing computer 
1 0 to perform some specific action, and a transaction computer 1 6 
that performs a transaction with authorized computer 14 that 
includes the authorized computer 14 performing the authorized 
action. The system also includes a certifying authority 18 that 
performs the conventional function of certifying the identity of the 
user to authorized computer 14 and transaction computer 16." In 
the previously cited portion, Geer teaches that a certifying authority 
is necessary to certify the identity of the user to the authorized 
computer and to the transaction computer. Thus, in order to 
perform the operations of the invention disclosed by Geer, the 
certificate authority must have access to the users information via 
the smart card, i.e. the token in order to be able to prove the users 
true identity to the computers that the user is requesting some type 
of service from (Examiner's Answer, Page 8). 



j Applicant's representative respectfully disagrees with the 
Examiner's conclusion that the certifying authority 18 disclosed in Geer, 
rpust have access to the users information via the smart card 12 to prove 
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the identity of the user. For instance, in Geer the authorizing computer 10 
cdjuld communicate with the smart card 12, and then send information to 

j 

the certifying authority 18 requesting that proof of the user's identity be 
sejnt to the computers to which the user is requesting service. Such an 
iniplementation of Geer wouid not require any access (or even any 
communication) to exist between the smart card 12 and the certifying 

* 

authority 18. 

) Applicant's representative respectfully submits the Examiner's 

conclusion (that the certifying authority 18 must be able to access the 

i 

smart card 12) is based not on the teachings and suggestions of the cited 
ak, but rather on the present application. To imbue one of ordinary skill in 
ttie art with knowledge of the invention under consideration, when no prior 
art reference or references of record convey or suggest that knowledge, is 
to fall victim to the insidious effect of a hindsight syndrome, wherein the 
teachings of the Invention are used against itself. W.L Gore & 
Associates, Inc. v. Gariock, Inc., 721 F.2d 1540, 1553, 220 U.S.P.Q. 303, 
3|12-313 (Fed. Cir. 1983). Accordingly, Applicants representative 
respectfully submits that the Examiner is incorrect in her analysis of the 
cited art, and thus has failed to show that the element of "accessing a 
tbken through a token reader connected to a computer system by a 
certificate authority," as recited in claims 1 and 9, is taught or suggested 
By the cited art. 

In the Appeal Brief, Applicant's representative argued that the 
element "downloading a certificate and an associated private key to a 

r 
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token," as recited in claims 1 and 9, is not taught or suggested by Geer 
taken in view of Kanevsky, when claims 1 and 9 are read as a whole. In 
response, the Examiner stated the following: 

"Referring to FIG. 6, in operation of the system of FIG. 5, each - of 
the actual parties to the business obtains, from a certifying authority 
computer operated by an investment banking firm, an authorizing 
certificate and a private key of a new public key pair minted by the 
certifying authority computer (step 78)." Furthermore, since Geer 
■: also discloses that the invention uses smart cards, each of the 
parties in the embodiment where a business deal is conducted are 
presumed to use a smart card for maintaining the certificate and 
private key sent. . . (See Examiner's Answer, Page 9). 

Applicant's representative respectfully submits that the Examiner is once 
again failing to read claims 1 and 9 as a whole. The determination of obviousness 
requires an evaluation of the claimed invention as a whole, and not merely the 
difference between the claimed invention and the prior art. LearSiegler, Inc. v. 
Aeroquip Corp.. 733 F.2d 881 , 221 U.S.P.Q. 1025, 1033 (Fed. Cir. 1984). In 
claims 1 and 9, the token to which the certificate and associated private key are 
downloaded, is the same token from which a certificate is read. In analyzing claims 
4 and 9, it is respectfully submitted the Examiner has failed to cite any section of 

j 

Geer that teaches or suggests that the authorization certificate and a private key 
rhinted by the certifying authority computer are downloaded to a smart card (e,g., 
tbken) from which a user signature certificate is read, as would be required if the 
authorization certificate and the private key disclosed in Geer were to read on the 
(Certificate and associated private key recited in claims 1 and 9. Accordingly, 
Applicants representative respectfully submits that the Examiner has failed to 
consider claims 1 and 9 as a whole, and thus has failed to show that the element of 

i -4- 
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"downloading a certificate and an associated private key to a token," as recited in 
claims 1 and 9 is taught or suggested by the cited art, when claims 1 and 9 are read 
as a whole. 

: In the Appeal Brief, Applicant's representative argued that the element 
"searching for a match for the token ID and the user signature certificate in an 
authoritative database, and that a certificate and an associated private key are 
wrapped with a public key associated with the token ID if a match is found for the 
tbfcen ID and the user signature certificate is found in the authoritative database," as 
related in claims 1 and 9 is not taught or suggested by Geer taken in view of 
Kanevsky. In response, the Examiner stated the following: 

\ 

[a]Hhough Kanevsky suggests returning a new PIN to the user, 
when modifying Geer, the new PIN is replaced with the new 
conversation certificate along with its associated private key. One 
would have been motivated to modify the method disclosed in Geer 
et al. with Kanevsky because doing so not only ensures that the 
information transmitted is both confidential and can only be 
decrypted by the user who has a the private key associated with 
the public key of the smartcard, but allows for stronger means of 
; authenticating each business partner before allowing that entity 
access to highly confidential information. 

i 

Applicant's representative respectfully submits that the reason for combining 
^nd modifying the teachings of Geer and Kanevsky provided by the Examiner 
appears to be based on improper hindsight Applicant's representative respectfully 
submits that the cited art <e.g„ Geer and Kanevsky) has security holes that the 
present application overcomes. In particular, in the methodology and computer 
program recited in claims 1 and 9 respectively, the user signature certificate is 
\ryrapped with a public key associated with a token ID. Thus, the user signature 

: -5- 
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'j 

certificate is encrypted and cannot be decrypted without using a private key stored 
oil the token (the decryption step is also recited in claims 1 and 9). The 
methodology and computer program recited in claims 1 and 9 respectively can 
prevent unauthorized access of the signature certificate by malicious programs that 
day intercept the encrypted certificates (e.g., "Trojan Horses", See Spec, Pars. 
[001 0] and [001 3]). Neither Kanevsky nor Geer even considers the possibility that 
stich malicious programs can pose a security threat. Accordingly, Applicant's 
representative respectfully submits that the Examiner has failed to show that 
"Searching for a match for the token ID and the user signature certificate in an 
authoritative database, and that a certificate and an associated private key are 

t 

wrapped with a public key associated with the token ID if a match is found for the 
token ID and the user signature certificate is found in the authoritative database," as 
recited in claims 1 and 9, is taught or suggested by the cited ait 

In the Appeal Brief, Applicant's representative argued that there is no 
motivation to combine and modify the teachings of Geer and Kanevsky in the 
manner suggested by the Examiner since the purported combination would require a 
tradeoff of convenience for increased security and complexity, which would be 
dontrary to current patent case law. The Examiner's response included the following: 

Thus, the combination of Geer and Kanevsky result in a system 
which is more likely to prevent unauthorized users to gain access to 
confidential information. Furthermore, in response to Appellant's 
statement that "Geer does not even mention the employment of 
token IDs," Examiner would like to note that the term token ID is not 
specifically defined, thus, for all purposes a token ID may even be 
interpreted (according to MPEP 21 1 1) as the public/private key pair 
which is unique to each smart card disclosed... (See Examinees 
f Answer Page 14). 

■v 
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Applicant's representative respectfully submits that the Examiner failed to 
address Applicanfs representative's argument that combining and modifying the 
teachings of Geer and Kanevsky would result in a less convenient system, but 
inktead argues that the motivation to combine and modify Geer and Kanevsky arises 
solely from an increase in security. Thus, Applicant's representative respectfully 
submits that the Examiner has failed to establish a proper motivation to combine and 

mrodify the teachings of Geer and Kanevsky. 

I 

Furthermore, in response to the Examiner's argument that a public/private key 
pair can read on a token ID, Applicanfs representative respectfully disagrees. 
Claims 1 and 9 recite a token ID, a public key associated with the token ID, and a 
pn'vate key. Applicanfs representative respectfully submits that any interpretation of 
claims 1 and 9 that would have a public/private key pair being equivalent to a token 
ID would be an interpretation contrary to a normal claim Interpretation. A claim 
construction that gives meaning to all the terms of the claim is preferred over one 
that does not do so. Merck & Co. v. Teva Pharms. USA, Inc., 395 F.3d 1364, 1372, 
713 U.S.P.Q.2D 1641 (Fed. Cir. 2005). Thus, Applicanfs representative respectfully 
submits that the Examiner is attempting to construe claims 1 and 9 such that not all 
c>f the terms recited (e.g., token ID) are given meaning, since the Examiner contends 
that the token ID is equivalent to other terms recited in claims 1 and 9 (e.g., public 
and private keys). Accordingly, Applicant's representative respectfully submits that 
the Examiner has failed to establish a proper motivation for combining and modifying 
the teachings of Geer and Kanevsky in the manner suggested by the Examiner, 
ifhus, for the reasons stated above, Applicant's representative maintains that claims 
11 and 9 are patentable over Geer taken in view of Kanevsky. 
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II J Appealed Claims 2 and 10 

i 

I In the Appeal Brief, Applicant's representative argued that the 
element M a certificate and associated private key is a plurality of 
certificates and associated private keys, wherein at least one of the 
certificates and associated private keys is a signature certificate for the 
user, an encryption certificate and associated private key for the user, and 
ajrole certificate and associated private key for the user, wherein the role 
certificate includes at least one policy, 1 ' as recited in claims 2 and 10, is 
not taught or suggested by Geer taken in view of Kanevsky, when claims 
2|and 10 are read in light of their corresponding independent claims, 
n'amely claims 1 and 9, respectively. In response, the Examiner cited 
various sections of Geer that the Examiner contends discloses different 
kinds of certificates (See Examiner's Answer, Pages 14-16). Applicants 
representative respectfully submits that the Examiner's response failed to 
djddress Applicant's representative's point made in the Appeal Brief that 
sjnce claims 2 and 10 depend from claims 1 and 9, respectively, the 
plurality of certificates and private keys recited in claims 2 and 10 is 
(downloaded to the token, which is the same token from which a user 
signature certificate is read. Accordingly, Applicant's representative 
maintains that claims 2 and 10 are patentable over Geer taken in view of 
Kanevsky. 
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III. Appealed Claims 7 and 15 

In the Appeal Brief, Applicant's representative argues Geer, Kanevsky and 
Uls. Patent Pub. No. 2003/0005291 to Bum ('Burn") teach away from their 
combination and modification in the manner suggested by the Examiner since the 
purported combination would result in an inoperable device. In the Examiner's 
Answer, Examiner responds by stating: 

■ (t]he test for obviousness is not whether the features of a 

secondary reference may be bodily incorporated into the structure 
of the primary reference; nor is it that the claimed invention must be 
expressly suggested in any one or all of the references. Rather, 
the test is what the combined teachings of the references would 
have suggested to those of ordinary skill in the art. See In re 
Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981). In this case, 
one would have been motivated to modify the teachings of Geer in 
view of Kanevsky by Bum in order to incorporate yet another layer 
. of security which is to require that a user enter a password before 
the operations may be performed as suggested by Burn. . . 

Applicant's representative respectfully submits the Examiner has 
misconstrued the cited art references. It is impermissible to use the claimed 
invention as an instruction manual or "template 11 to piece together the teachings of 
the prior art so that the claimed invention is rendered obvious. In m Fritch, 972 R2d 
1)260, 23 U.S.P.Q. 2d 1780 (Fed. Cir 1992). One cannot use hindsight 
reconstruction to pick and choose among isolated disclosures in the prior art to 
deprecate the claimed invention. In re Fine, 837 F.2d 1071, 5 U.S.P.Q. 2d 1596 
(Fed. Cir. 1988). Applicant's representative respectfully submits that the Examiner is 
attempting to use claims 7 and 16 as the aforementioned template, since it appears 
that the Examiner is attempting to use small parts (modified considerably) of each 
pited art reference to support her arguments. Accordingly, Applicant's representative 
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respectfully maintains the position that combining and modifying the teachings of 

r 

Gfeer, Kanevsky and Burn would result in an inoperable device, and thus, claims 7 
and 15 are patentable over the cited art. 

> 

\ 
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CONCLUSION 

In view of the foregoing remarks, Applicant's representative respectfully 
siibmits that the present application is in condition for allowance. Applicant's 
representative respectfully requests reconsideration of this application and that the 
application be passed to issue. 

Please charge any deficiency or credit any overpayment in the fees for this 
amendment to our Deposit Account No. 20-0090. 

i' 

I 
f 
"| 

i 

Respectfully submitted, 



Date 28 August 2007 




Christopher P. Harris 
Registration No. 43,660 



Customer No.: 26,294 

tjarolli, sunoheim, covell, & tummino l.l.p. 
1f300 East Ninth Street, Suite 1700 
Gleveland, Ohio 44114 
Phone: (216)621-2234 
6ax: (216)621-4072 
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